Information Security and IT Risk Management

Description

This new text provides students the knowledge and skills they will need to compete for and succeed in the information security roles they will encounter straight out of college. This is accomplished by providing a hands-on immersion in essential system administration, service and application installation and configuration, security tool use, TIG implementation and reporting.

It is designed for an introductory course on IS Security, usually offered as an elective in IS departments in 2- and 4-year schools. It is not designed for security certification courses.

About the Author

Manish Agrawal received his PhD in Information Systems from SUNY Buffalo in 2002 and Bachelor and Master degrees in Electrical Engineering from the Indian Institute of Technology in Kanpur, India. He is an Associate Professor in the Department of Information Systems and Decision Sciences at the University of South Florida. He currently teaches courses in business data communications, information security and web applications development. He was the recipient of USF's university-wide award recognizing teaching excellence in 2006 and has published research in academic journals including Management Science, INFORMS Journal on Computing, Journal of Management Information Systems, IEEE Transactions on Software Engineering, Decision Support Systems and the Journal of Organizational Computing and Electronic Commerce. His research and teaching have been funded by the US National Science Foundation, the US Department of Justice, the Indo-US Science and Technology Forum and Sun Microsystems.

Hands-on skills: Almost every chapter of the book will require students to dig into the black box that is a computer system using a Virtual Machine, downloadable from the BCS. The Virtual Machine will provide a customized Linux distribution with common defects injected. As part of their chapter exercises, students will be guided through the process of detecting and fixing these defects.

Information Security design case: A running case throughout the chapters will give students the opportunity to apply the skills learned in a chapter in a fictional organization. The organization will be loosely based on a typical state university.

Accessibility: Though the content in the book is highly technical, it is also quite accessible to virtually any student with a strong interest in technology and a willingness to learn technology. This is possible because the book is self-contained, and provides a quick introduction to background material such as IP addresses and port addresses that is necessary to complete the hands-on exercises.

Coverage of professionally important topics: The book focuses on skills needed by fresh college graduates entering the job market. Issues relevant to senior managers are highlighted to make students aware of the concerns of the managers they will encounter, instead of trying to help students take on senior managerial roles.

Relevance to practice: Two of the co-authors of the book are practicing administrators of the University of South Florida IT infrastructure. The second author of the book is the Director for Information Security at USF. In this role, he has personal responsibility for creating and implementing information security across the USF infrastructure. He also routinely hires fresh college graduates in his organization. With over 40,000 students, USF is one of the largest universities in the country, and the USF IT infrastructure is comparable in size and activity to many large IT systems. Therefore, he is in a very good position to cover topics from the perspective of a prospective recruiter of IS students.

The third author is the network manager with day-to-day responsibility for keeping USF’s networks running at peak performance. He is also one of the strongest technical hands on campus, with deep knowledge of protocols and products. As the network manager, he is the first to know of attacks reaching the campus, and also the frontline person responsible for preventing these attacks from causing damage on campus.

IS 2010 alignment: The book has been designed from the ground up to be aligned with the IS 2010 curriculum guidelines. Faculty adopting the book will be able to hit the ground running with regard to compliance with the guidelines.